$OpenBSD: patch-authenticate_c,v 1.2 2017/05/22 20:03:43 giovanni Exp $
Index: authenticate.c
--- authenticate.c.orig
+++ authenticate.c
@@ -25,6 +25,9 @@
 #include "strlcpy.h"
 #include "mysql.h"
 
+#define POP3ALLOW_FILE SYSCONFDIR "/pop3.allow"
+#define POP3DENY_FILE SYSCONFDIR "/pop3.deny"
+
 extern const char * authfile;
 char real_username[MAXLINE+1];
 char real_maildrop[MAXLINE+1];
@@ -104,7 +107,7 @@ static int user_in_file(char * user, char * path) {
 static int is_user_allowed(char * user) {
   int allow, deny;
 
-  switch (user_in_file(user,"/etc/pop3.allow")>0) {
+  switch (user_in_file(user,POP3ALLOW_FILE)>0) {
     case 0:
       allow = 0;
       break;
@@ -115,7 +118,7 @@ static int is_user_allowed(char * user) {
       return 0;
   }
 
-  switch (user_in_file(user,"/etc/pop3.deny")) {
+  switch (user_in_file(user,POP3DENY_FILE)) {
     case 0:
       deny = 0;
       break;
@@ -322,7 +325,7 @@ int authenticate(char * username, char * password) {
   memset(pass,0,sizeof(pass));
   strlcpy(pass,password,len+1);
 
-  /* check /etc/pop3.{allow,deny} */
+  /* check %sysconfdir%/pop3.{allow,deny} */
   if (0!=use_pop3_allow_deny && 0==is_user_allowed(user)) {
     return 0;
   }
@@ -335,7 +338,7 @@ int authenticate(char * username, char * password) {
   }
 
 #ifndef HAVE_LIBMYSQLCLIENT
-  u = getpwnam(user);
+  u = getpwnam_shadow(user);
 #else
     u = getMpwnam( user ); /* getMpwnam first checks getpwnam() */
 #endif /* HAVE_LIBMYSQLCLIENT */
